libselinux/0016-selinux-8-mark-up-SELINUX-values.patch
Petr Lautrbach c2f612087d libselinux-3.1-5
- selinux(8): explain that runtime disable is deprecated
2020-11-20 14:33:36 +01:00

52 lines
2.4 KiB
Diff

From c698cd8cbc98ab2f795d3c353c9f978c1758106d Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Nov 2020 17:23:38 +0100
Subject: [PATCH] selinux(8): mark up SELINUX values
Mark up the possible values of SELINUX (disabled, permissive, enforcing)
for better readability.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
libselinux/man/man8/selinux.8 | 24 ++++++++++++------------
1 file changed, 12 insertions(+), 12 deletions(-)
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
index 8b4fc3706989..522d45960bf3 100644
--- a/libselinux/man/man8/selinux.8
+++ b/libselinux/man/man8/selinux.8
@@ -19,18 +19,18 @@ enabled or disabled, and if enabled, whether SELinux operates in
permissive mode or enforcing mode. The
.B SELINUX
variable may be set to
-any one of disabled, permissive, or enforcing to select one of these
-options. The disabled option completely disables the SELinux kernel
-and application code, leaving the system running without any SELinux
-protection. The permissive option enables the SELinux code, but
-causes it to operate in a mode where accesses that would be denied by
-policy are permitted but audited. The enforcing option enables the
-SELinux code and causes it to enforce access denials as well as
-auditing them. Permissive mode may yield a different set of denials
-than enforcing mode, both because enforcing mode will prevent an
-operation from proceeding past the first denial and because some
-application code will fall back to a less privileged mode of operation
-if denied access.
+any one of \fIdisabled\fR, \fIpermissive\fR, or \fIenforcing\fR to
+select one of these options. The \fIdisabled\fR option completely
+disables the SELinux kernel and application code, leaving the system
+running without any SELinux protection. The \fIpermissive\fR option
+enables the SELinux code, but causes it to operate in a mode where
+accesses that would be denied by policy are permitted but audited. The
+\fIenforcing\fR option enables the SELinux code and causes it to enforce
+access denials as well as auditing them. \fIpermissive\fR mode may
+yield a different set of denials than enforcing mode, both because
+enforcing mode will prevent an operation from proceeding past the first
+denial and because some application code will fall back to a less
+privileged mode of operation if denied access.
The
.I /etc/selinux/config
--
2.29.2